
4500 Access Lists

I am running into some confusion here that hopefully someone can help me out with.

We have a 3005 concentrator, a 4503 and about 100 2950s. The network is VLAN routed.

By default we only have the 3005 looking to the server resources. All desktops and labs are not accessible through the VPN.

We have a remote developer that was allowed to work from home. He needs access to the lab segment.

The 3005 is on 10.1.16.0/23, the servers are on 10.1.20.0/23, and the lab is on 10.0.16.0/23.

We put a route in the 3005 so access to the lab is available, but we need to restrict all other access. We are running Win2k Active Directory, so we assigned him a static IP for remote access. What I would like to do is access-list the VLAN connected to the lab (10.0.16.0/23) so only he can access it and all others will be discarded.

I created an access-list like this.

! Named extended ACL (IOS syntax); the name is case-sensitive, so it must be
! spelled the same on every line or a second, separate ACL is created.
ip access-list extended VPN_Access
 permit udp host 10.1.18.53 host 10.0.16.2 eq 10000
 permit udp host 10.1.18.53 host 10.0.17.45 eq 10000
 deny udp any any eq 10000
! Everything not matched above is dropped by the implicit deny at the end.

Now I have these created but I do not have them assigned to the VLAN.

My question is: for VPN traffic using port 10000, is this the right way to do it? Also, which VLAN would it be best to assign it to: the one where 10.0.16.0/23 is assigned or the one where 10.1.16.0/23 is assigned?

We never really had to do this before, so that's why I am asking. I don't want to do the wrong thing.

Any input would be appreciated.

Thanks

1 REPLY

Re: 4500 Access Lists

Hi,

I don't see anything wrong in using port 10000 for VPN traffic. I think you should assign it to 10.0.16.0/23.
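As an added illustration that is not part of the thread and not Cisco code, here is a small Python evaluator that applies IOS first-match ACL semantics, including the implicit deny at the end, to the three lines from the question and to a few constructed flows. It also accepts wildcard-mask entries, which the thread's ACL does not use; the sample source address 10.1.18.60 and the TCP/3389 flow are assumptions made up for the demonstration.

```python
import ipaddress

# The ACL from the question, written as
# (action, protocol, source spec, destination spec, destination port or None).
VPN_ACCESS = [
    ("permit", "udp", "host 10.1.18.53", "host 10.0.16.2", 10000),
    ("permit", "udp", "host 10.1.18.53", "host 10.0.17.45", 10000),
    ("deny", "udp", "any", "any", 10000),
]

def parse_match(spec):
    """Turn an IOS address spec ('any', 'host A', or 'A wildcard') into a network."""
    parts = spec.split()
    if parts[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if parts[0] == "host":
        return ipaddress.ip_network(parts[1] + "/32")
    addr, wildcard = parts
    # IOS wildcard bits set to 0 must match; inverting gives the subnet mask
    # (assumes a contiguous wildcard, which is all this helper supports).
    mask = ipaddress.ip_address(int(ipaddress.ip_address(wildcard)) ^ 0xFFFFFFFF)
    return ipaddress.ip_network(f"{addr}/{mask}", strict=False)

def evaluate(acl, proto, src, dst, dport):
    """First matching line wins; no match falls to the implicit deny (index None)."""
    for idx, (action, p, s, d, port) in enumerate(acl):
        if p != "ip" and p != proto:
            continue
        if ipaddress.ip_address(src) not in parse_match(s):
            continue
        if ipaddress.ip_address(dst) not in parse_match(d):
            continue
        if port is not None and port != dport:
            continue
        return action, idx
    return "deny", None

# Constructed sample flows (not from the thread): the developer's static VPN
# address 10.1.18.53, a second hypothetical VPN user, and non-UDP/10000 lab traffic.
FLOWS = [
    ("udp", "10.1.18.53", "10.0.16.2", 10000),
    ("udp", "10.1.18.53", "10.0.17.45", 10000),
    ("udp", "10.1.18.60", "10.0.16.2", 10000),
    ("tcp", "10.1.18.53", "10.0.16.2", 3389),
]

def report(acl, flows):
    """Evaluate every flow and return [(flow, (action, matched line index))]."""
    return [(f, evaluate(acl, *f)) for f in flows]

if __name__ == "__main__":
    for flow, (action, idx) in report(VPN_ACCESS, FLOWS):
        where = "implicit deny" if idx is None else f"line {idx + 1}"
        print(f"{flow[0]:3} {flow[1]:>11} -> {flow[2]:>10}:{flow[3]:<5} {action:6} ({where})")
```

The last flow shows the point worth checking before applying the list: anything to the lab that is not UDP/10000 from the developer's address, including his own traffic on other ports, is dropped by the implicit deny.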
